- The first thing that an organization needs to understand is exactly what constitutes an incident, what incidents are reportable and what actions they need to take when an incident occurs. The purpose of an incident response plan is to respond, investigate and report any abnormal activities that deviate from approved or expected practices on your organization's information system resources. Your plan should include a description of a security violation, a security incident and an example of when a technical vulnerability causes or could cause one or the other.

- This is an excellent Perl book. I really like the author's way of explaining concepts with clear and to-the-point examples. Unlike the Camel Book, which is full of Perl insider references and puns, Peter Wainwright explains things clearly and illustrates with practical examples.

- I rather hoped this was better than it is. Don't get me wrong, it's not bad, and it's probably worth having, but it could have been a lot better. First complaint: the index is lousy. Several times I wanted to go back and review something that I had read about in an earlier chapter, but was unable to find what I wanted with the index and had to resort to flipping through pages. Second, some of the material just is not explained well: if you are not already quite expert at Apache, you will find parts of this very confusing. Of course, that's a bit unfair: you really can't expect a book dedicated to Apache security to spend a lot of time explaining basics.

- I'd suggest using Microlite or Lonetar for this. You aren't really verifying with that anyway if you are using stock cpio and the Supertars are far better products - see for example the recent review of Edge at /Reviews/backupedge21.html (similar features are available in the Lonetar product).

- msn search: I've tested MSN against Google before and have noticed that for searches where articles here are in the top ten, they are always lower at MSN, and sometimes not on the first page at all. But that's hardly statistically significant. The same charge has been made against Ivan's samples, saying that they are too small to be meaningful.

- RFC 1630 defines URI's and RFC 1738 defines URL's. According to RFC 1630, a URL is a type of URI, so 1738 is just further explanation. The other type is a URN, which is supposed to be more consistent, and is actually just more confusing (in my opinion, of course). Don't even get me started about URC's: what the heck is "URC's are thought of as collections of metadata about some data" supposed to mean? The more people try to explain this the more confusing it gets.

- This is billed as a security book, and yes, that is its focus, but that isn't why you should read it. First: this is ultra-heavy geek territory, but it's not necessarily computer geeks only. What I mean is that although this is all computer and networking related, any general engineering geek-type will probably enjoy it. It is emphatically NOT about buffer overflows and the like; it's about the really esoteric stuff, and therefore interesting even if you aren't that interested in deep level security topics.

- The "Magic Sysrequest key" is Alt (left or right Alt key) and Sysrq (up there under Print Screen, next to F12 on most keyboards). To use it, you need to have it enabled in your kernel (CONFIG_MAGIC_SYSRQ). It usually is; if you have a file called '/proc/sys/kernel/sysrq' you have this. To ENABLE the magic functions, you need a "1" in that file. If it has 0, Alt-SysRq just returns you to the previous console you were using.

- Syslog is a wonderful thing. In theory, it lets an administrator fully control where and how messages get logged. Of course, the first requirement is that the program you wish to control uses syslog for logging, but even assuming that it does, it can still be difficult to get what you want.

- Mail from host 'redhat' is being relayed through smtp.conservent.com, which rejects the email since it has no reverse DNS path to redhat.alliedstorage.com. I don't want to make a record for redhat.alliedstorage.net. I do want to make email from redhat.alliedstorage.com appear to come from alliedstorage.com so that smtp.conservent.com won't reject it.

- Some security packages address the problem by stripping all (or nearly all) network services and then instruct you to be careful about what you add to the system. That's a great approach but requires that you "get your hands on" the system before anyone layers anything onto it and you understand what you're adding to the system when you add it back in. These are two conditions that do not apply at many sites. The approach here is different. We will consider services offered by the AIX 5.1 operating system, try to explain what each does, note the risks involved with each and make recommendations about what one ought to do to mitigate the risk.